1.15.0 (#90)

* attach env_file to compose build and compose pull stages

* fmt and bump rust version

* bump dependencies

* ignored for Sqlite message

* fix Build secret args info

* improve secret arguments info

* improve environment, ports, volumes deserializers

* rename `mongo` to `database` in config

* support _FILE in secret env vars

* improve setup - simpler compose

* remove aws ecr container registry support, alpine dockerfiles

* log periphery config

* ssl_enabled mode

* log http vs https

* periphery client accept untrust ssl certs

* fix nav issue from links

* configurable ssl

* KOMODO_ENSURE_SERVER -> KOMODO_FIRST_SERVER

* mount proc and ssl volume

* managed sync

* validate files on host resource path

* remove sync repo not configured guards

* disable confirm dialog

* fix sync hash / message Option

* try dev dockerfile

* refresh sync resources after commit

* socket invalidate handling

* delete dev dockerfile

* Commit Changes

* Add Info tab to syncs

* fix new Info parsing issue with serde default

* refresh stack cache on create / update

* managed syncs can't sync themselves

* managed syncs seems to work

* bump thiserror

* use alpine as main dockerfile

* apt add --no-cache

* disable user write perms, super admin perms to manage admins

* manage admin user UI

* implement disable non admin create frontend

* disable create non admin

* Copy button shown based on permission

* warning message on managed sync

* implement monaco editor

* impl simple match tags config

* resource sync support match tags

* more match tag filtering

* improve config with better saving diffs

* export button use monaco

* deser Conversions with wrapping strings

* envs editing

* don't delete variables / user groups if match tags defined

* env from_str improve

* improve dashboards

* remove core ca stuff for now

* move periphery ssl gen to dedicated file

* default server address periphery:8120

* clean up ssl configs

* server dashboard

* nice test compose

* add discord alerter

* discord alerter

* stack hideInfo logic

* compose setup

* alert table

* improve config hover card style

* update min editor height and stack config

* Feat: Styling Updates (#94)

* sidebar takes full screen height

* add bg accent to navbar

* add aschild prop to topbar alerts trigger

* stylize resource rows

* internally scrollable data tables

* better hover color for outlined button

* always show scrollbar to prevent layout shift

* better hover color for navbar

* rearrange buttons

* fix table and resource row styles

* cleanup scrollbar css

* use page for dashboard instead of section

* fix padding

* resource sync refactor and env keep comments

* frontend build

* improve configs

* config nice

* Feat/UI (#95)

* stylize resource rows

* internally scrollable data tables

* fix table and resource row styles

* use page for dashboard instead of section

* fix padding

* add `ResourcePageHeader` to required components

* add generic resource page header component

* add resource page headers for all components

* add resource notificaitons component

* add `TextUpdateMenu2` for use in resource page

* cleanup resource notificaitons

* update resource page layout

* ui edits

* sync kind of work

* clean up unused import

* syncs seem to work

* new sync pending

* monaco diff hide unchanged regions

* update styling all in config  resource select links

* confirm update default strings

* move procedure Add Stage to left

* update colors / styles

* frontend build

* backend for write file contents to host

* compose reference ports comment out

* server config

* ensure parent directory created

* fix frontend build

* remove default stack run_directory

* fix periphery compose deploy response set

* update compose files

* move server stats under tabs

* fix deployment list item getting correct image when not deployed

* stack updates cache after file write

* edit files on host

* clean up unused imports

* top level config update assignment must be spread

* update deps, move alert module

* move stack module

* move sync module

* move to sync db_client usage after init

* support generic OIDC provider

* init builders / server templates specifying https

* special cases for server / deployment state

* improve alert details

* add builder template `use_https` config

* try downgrade aws sdk ec2 for x86 build

* update debian dockerfiles to rm lists/*

* optionally configure seperate KOMODO_OIDC_REDIRECT

* add defaults to compose.env

* keep tags / search right aligned when view only

* clean up configs

* remove unused migrator deps

* update roadmap support generic OIDC

* initialize sync use confirm button

* key_value syntax highlighting

* smaller debian dockerfiles

* clean up deps.sh

* debian dockerifle

* New config layout (#96)

* new config layout

* fix image config layout and components config

* fix dom nesting and cleanup components

* fix label, make switches flex row

* ensure smooth scroll on hash navigations

* width 180 on config sidebar

* slight edits to config

* log whether https builder

* DISABLED <switch> ENABLED

* fix some more config

* smaller checked component

* server config looking good

* auto initialize compose files when files on host

* stack files on host good

* stack config nice

* remove old config

* deployments looking good

* build looking good

* Repo good

* nice config for builders

* alerter good

* server template config

* syncs good

* tweak stack config

* use status badge for update tables

* unified update page using router params

* replace /updates with unified updates page

* redirect all resource updates to unified update page

* fix reset handling

* unmount legacy page

* try periphery rustls

* rm unused import

* fix broken deps

* add unified alerts apge

* mount new alerts, remove old alerts page

* reroute resource alerts to unified alerts page

* back to periphery openssl

* ssl_enabled defaults to false for backward compat

* reqwest need json feature

* back to og yaml monaco

* Uncomment config fields for clearer config

* clean up compose env

* implement pull or clone, avoid deleting repo directory

* refactor mongo configuration params

* all configs respect empty string null

* add back status to header

* build toml don't have version if not auto incrementing

* fix comile

* fix repo pull cd to correct dir

* fix core pull_or_clone directory

* improve statuses

* remove ' ' from kv list parser

* longer CSRF valid for, to give time to login / accept

* don't compute diff / execute if there are any file_errors

* PartialBuilderConfig enum user inner option

* move errors to top

* fix toml init serializer

* server template and bulder manually add config.params line

* better way to check builder / template params empty

* improve build configs

* merge links into network area deployment

* default periphery config

* improve SystemCommand editor

* better Repo server / builder Info

* improve Alerts / Updates with ResourceSelector

* fix unused frontend

* update ResourceSync description

* toml use [resource.config] syntax

* update toml syntax

* update Build.image_registry schema

* fix repo / stack resource link alias

* reorder image registry

* align toml / yaml parser style

* some config updates

---------

Co-authored-by: Karamvir Singh <67458484+karamvirsingh98@users.noreply.github.com>
Co-authored-by: kv <karamvir.singh98@gmail.com>

compose/compose.env

@@ -1,40 +1,120 @@
-##############################
-# KOMODO COMPOSE - VARIABLES #
-##############################
+###################################
+# 🦎 KOMODO COMPOSE - VARIABLES 🦎 #
+###################################
 
-## These env variables can be used with all Komodo deployment options.
-## Pass these variables using to the compose up command using `--env-file`.
+## These compose variables can be used with all Komodo deployment options.
+## Pass these variables to the compose up command using `--env-file komodo/compose.env`.
+## Additionally, they are passed to both Komodo Core and Komodo Periphery with `env_file: ./compose.env`,
+## so you can pass any additional environment variables to Core / Periphery directly in this file as well.
 
-## DB credentials
+## 🚨 Uncomment below for arm64 support 🚨
+# COMPOSE_KOMODO_IMAGE_TAG=latest-aarch64
+
+## Note: 🚨 Podman does NOT support local logging driver 🚨. See Podman options here:
+## `https://docs.podman.io/en/v4.6.1/markdown/podman-run.1.html#log-driver-driver`
+COMPOSE_LOGGING_DRIVER=local # Enable log rotation with the local driver.
+
+## DB credentials - Ignored for Sqlite
 DB_USERNAME=admin
 DB_PASSWORD=admin
 
+#=-------------------------=#
+#= Komodo Core Environment =#
+#=-------------------------=#
+
+## Full variable list + descriptions are available here:
+## 🦎 https://github.com/mbecker20/komodo/blob/main/config/core.config.toml 🦎
+
+## Note. Secret variables also support `${VARIABLE}_FILE` syntax to pass docker compose secrets.
+## Docs: https://docs.docker.com/compose/how-tos/use-secrets/#examples
+
 ## Used for Oauth / Webhook url suggestion / Caddy reverse proxy.
 KOMODO_HOST=https://demo.komo.do
-
 ## Displayed in the browser tab.
 KOMODO_TITLE=Komodo
+## Create a server matching this address as the "first server".
+## Use `https://host.docker.internal:8120` when using systemd-managed Periphery.
+KOMODO_FIRST_SERVER=https://periphery:8120
+## Make all buttons just double-click, rather than the full confirmation dialog.
+KOMODO_DISABLE_CONFIRM_DIALOG=false
 
-## Secrets
-KOMODO_PASSKEY=a_random_passkey # used to auth against periphery.
-KOMODO_WEBHOOK_SECRET=a_random_secret # used to auth incoming webhooks.
-KOMODO_JWT_SECRET=a_random_jwt_secret # used to generate jwt.
+## Rate Komodo polls your servers for
+## status / container status / system stats / alerting.
+## Options: 1-sec, 5-sec, 15-sec, 1-min, 5-min.
+## Default: 15-sec
+KOMODO_MONITORING_INTERVAL="15-sec"
+## Rate Komodo polls Resources for updates,
+## like outdated commit hash.
+## Options: 1-min, 5-min, 15-min, 30-min, 1-hr.
+## Default: 5-min
+KOMODO_RESOURCE_POLL_INTERVAL="5-min"
 
-## Auth
+## Used to auth against periphery. Alt: KOMODO_PASSKEY_FILE
+KOMODO_PASSKEY=a_random_passkey
+## Used to auth incoming webhooks. Alt: KOMODO_WEBHOOK_SECRET_FILE
+KOMODO_WEBHOOK_SECRET=a_random_secret
+## Used to generate jwt. Alt: KOMODO_JWT_SECRET_FILE
+KOMODO_JWT_SECRET=a_random_jwt_secret
+
+## Enable login with username + password.
 KOMODO_LOCAL_AUTH=true
+## Disable new user signups.
 KOMODO_DISABLE_USER_REGISTRATION=false
+## All new logins are auto enabled
+KOMODO_ENABLE_NEW_USERS=false
+## Disable non-admins from creating new resources.
+KOMODO_DISABLE_NON_ADMIN_CREATE=false
+## Allows all users to have Read level access to all resources.
+KOMODO_TRANSPARENT_MODE=false
+
+## Time to live for jwt tokens.
+## Options: 1-hr, 12-hr, 1-day, 3-day, 1-wk, 2-wk
+KOMODO_JWT_TTL="1-day"
+
+## OIDC Login
+KOMODO_OIDC_ENABLED=false
+## Must reachable from Komodo Core container
+# KOMODO_OIDC_PROVIDER=https://oidc.provider.internal/application/o/komodo
+## Must be reachable by users (optional if it is the same as above).
+# KOMODO_OIDC_REDIRECT=https://oidc.provider.external/application/o/komodo
+## Your client credentials
+# KOMODO_OIDC_CLIENT_ID= # Alt: KOMODO_OIDC_CLIENT_ID_FILE
+# KOMODO_OIDC_CLIENT_SECRET= # Alt: KOMODO_OIDC_CLIENT_SECRET_FILE
+## Make usernames the full email.
+# KOMODO_OIDC_USE_FULL_EMAIL=true
+
 ## Github Oauth
 KOMODO_GITHUB_OAUTH_ENABLED=false
-KOMODO_GITHUB_OAUTH_ID=
-KOMODO_GITHUB_OAUTH_SECRET=
+# KOMODO_GITHUB_OAUTH_ID= # Alt: KOMODO_GITHUB_OAUTH_ID_FILE
+# KOMODO_GITHUB_OAUTH_SECRET= # Alt: KOMODO_GITHUB_OAUTH_SECRET_FILE
+
 ## Google Oauth
 KOMODO_GOOGLE_OAUTH_ENABLED=false
-KOMODO_GOOGLE_OAUTH_ID=
-KOMODO_GOOGLE_OAUTH_SECRET=
+# KOMODO_GOOGLE_OAUTH_ID= # Alt: KOMODO_GOOGLE_OAUTH_ID_FILE
+# KOMODO_GOOGLE_OAUTH_SECRET= # Alt: KOMODO_GOOGLE_OAUTH_SECRET_FILE
 
-## Aws
-KOMODO_AWS_ACCESS_KEY_ID=
-KOMODO_AWS_SECRET_ACCESS_KEY=
+## Aws - Used to launch Builder instances and ServerTemplate instances.
+KOMODO_AWS_ACCESS_KEY_ID= # Alt: KOMODO_AWS_ACCESS_KEY_ID_FILE
+KOMODO_AWS_SECRET_ACCESS_KEY= # Alt: KOMODO_AWS_SECRET_ACCESS_KEY_FILE
 
-## Hetzner
-KOMODO_HETZNER_TOKEN=
+## Hetzner - Used to launch ServerTemplate instances
+## Hetzner Builder not supported due to Hetzner pay-by-the-hour pricing model
+KOMODO_HETZNER_TOKEN= # Alt: KOMODO_HETZNER_TOKEN_FILE
+
+#=------------------------------=#
+#= Komodo Periphery Environment =#
+#=------------------------------=#
+
+## Full variable list + descriptions are available here:
+## 🦎 https://github.com/mbecker20/komodo/blob/main/config/periphery.config.toml 🦎
+
+## Enable SSL using self signed certificates.
+## Connect to Periphery at https://address:8120.
+PERIPHERY_SSL_ENABLED=true
+
+## If the disk size is overreporting, can use one of these to 
+## whitelist / blacklist the disks to filter them, whichever is easier.
+## Accepts comma separated list of paths.
+## Usually whitelisting just /etc/hostname gives correct size.
+PERIPHERY_INCLUDE_DISK_MOUNTS=/etc/hostname
+# PERIPHERY_EXCLUDE_DISK_MOUNTS=/snap,/etc/repos

compose/mongo.compose.yaml

@@ -1,6 +1,6 @@
-##########################
-# KOMODO COMPOSE - MONGO #
-##########################
+###############################
+# 🦎 KOMODO COMPOSE - MONGO 🦎 #
+###############################
 
 ## This compose file will deploy:
 ##   1. MongoDB
@@ -13,11 +13,11 @@ services:
     command: --quiet # suppress mongo logs a bit
     restart: unless-stopped
     logging:
-      driver: local # enable log rotation by default. see `https://docs.docker.com/config/containers/logging/local/`
+      driver: ${COMPOSE_LOGGING_DRIVER:-local}
     networks:
       - default
-    ports:
-      - 27017:27017
+    # ports:
+    #   - 27017:27017
     volumes:
       - mongo-data:/data/db
       - mongo-config:/data/configdb
@@ -26,74 +26,61 @@ services:
       MONGO_INITDB_ROOT_PASSWORD: ${DB_PASSWORD}
   
   core:
-    image: ghcr.io/mbecker20/komodo:latest
-    # image: ghcr.io/mbecker20/komodo:latest-aarch64 ## Use for arm support
+    image: ghcr.io/mbecker20/komodo:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
     restart: unless-stopped
     depends_on:
       - mongo
     logging:
-      driver: local
+      driver: ${COMPOSE_LOGGING_DRIVER:-local}
     networks:
       - default
     ports:
       - 9120:9120
-    # volumes: # Optionally mount a custom core.config.toml
-    #   - /path/to/core.config.toml:/config/config.toml
-    # extra_hosts: # allows for systemd Periphery connection at "http://host.docker.internal:8120"
+    env_file: ./compose.env
+    environment:
+      KOMODO_DATABASE_ADDRESS: mongo:27017
+      KOMODO_DATABASE_USERNAME: ${DB_USERNAME}
+      KOMODO_DATABASE_PASSWORD: ${DB_PASSWORD}
+    ## allows for systemd Periphery connection at 
+    ## "http://host.docker.internal:8120"
+    # extra_hosts:
     #   - host.docker.internal:host-gateway
-    environment: # https://github.com/mbecker20/komodo/blob/main/config/core.config.toml
-      KOMODO_HOST: ${KOMODO_HOST}
-      KOMODO_TITLE: ${KOMODO_TITLE}
-      KOMODO_ENSURE_SERVER: http://periphery:8120
-      ## Mongo
-      KOMODO_MONGO_ADDRESS: mongo:27017
-      KOMODO_MONGO_USERNAME: ${DB_USERNAME}
-      KOMODO_MONGO_PASSWORD: ${DB_PASSWORD}
-      ## Secrets
-      KOMODO_PASSKEY: ${KOMODO_PASSKEY}
-      KOMODO_WEBHOOK_SECRET: ${KOMODO_WEBHOOK_SECRET}
-      KOMODO_JWT_SECRET: ${KOMODO_JWT_SECRET}
-      ## Auth
-      KOMODO_LOCAL_AUTH: ${KOMODO_LOCAL_AUTH}
-      KOMODO_DISABLE_USER_REGISTRATION: ${KOMODO_DISABLE_USER_REGISTRATION}
-      ## Github Oauth
-      KOMODO_GITHUB_OAUTH_ENABLED: ${KOMODO_GITHUB_OAUTH_ENABLED}
-      KOMODO_GITHUB_OAUTH_ID: ${KOMODO_GITHUB_OAUTH_ID}
-      KOMODO_GITHUB_OAUTH_SECRET: ${KOMODO_GITHUB_OAUTH_SECRET}
-      ## Google Oauth
-      KOMODO_GOOGLE_OAUTH_ENABLED: ${KOMODO_GOOGLE_OAUTH_ENABLED}
-      KOMODO_GOOGLE_OAUTH_ID: ${KOMODO_GOOGLE_OAUTH_ID}
-      KOMODO_GOOGLE_OAUTH_SECRET: ${KOMODO_GOOGLE_OAUTH_SECRET}
-      ## Aws
-      KOMODO_AWS_ACCESS_KEY_ID: ${KOMODO_AWS_ACCESS_KEY_ID}
-      KOMODO_AWS_SECRET_ACCESS_KEY: ${KOMODO_AWS_SECRET_ACCESS_KEY}
-      ## Hetzner
-      KOMODO_HETZNER_TOKEN: ${KOMODO_HETZNER_TOKEN}
+    ## Optionally mount a custom core.config.toml
+    # volumes:
+    #   - /path/to/core.config.toml:/config/config.toml
 
   ## Deploy Periphery container using this block,
-  ## or deploy the Periphery binary with systemd using https://github.com/mbecker20/komodo/tree/main/scripts
+  ## or deploy the Periphery binary with systemd using 
+  ## https://github.com/mbecker20/komodo/tree/main/scripts
   periphery:
-    image: ghcr.io/mbecker20/periphery:latest
-    # image: ghcr.io/mbecker20/periphery:latest-aarch64 # Use for arm support
+    image: ghcr.io/mbecker20/periphery:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
+    restart: unless-stopped
     logging:
-      driver: local
+      driver: ${COMPOSE_LOGGING_DRIVER:-local}
     networks:
       - default
+    env_file: ./compose.env
     volumes:
+      ## Mount external docker socket
       - /var/run/docker.sock:/var/run/docker.sock
-      - repos:/etc/komodo/repos # manage repos in a docker volume, or change it to an accessible host directory.
-      - stacks:/etc/komodo/stacks # manage stack files in a docker volume, or change it to an accessible host directory.
-    environment:
-      # If the disk size is overreporting, can use one of these to 
-      # whitelist / blacklist the disks to filter them, whichever is easier.
-      # Accepts comma separated list of paths.
-      # Usually whitelisting just /etc/hostname gives correct size.
-      PERIPHERY_INCLUDE_DISK_MOUNTS: /etc/hostname
-      # PERIPHERY_EXCLUDE_DISK_MOUNTS: /snap,/etc/repos
+      ## Allow Periphery to see processes outside of container
+      - /proc:/proc
+      ## use self signed certs in docker volume, 
+      ## or mount your own signed certs.
+      - ssl-certs:/etc/komodo/ssl
+      ## manage repos in a docker volume, 
+      ## or change it to an accessible host directory.
+      - repos:/etc/komodo/repos
+      ## manage stack files in a docker volume, 
+      ## or change it to an accessible host directory.
+      - stacks:/etc/komodo/stacks
+      ## Optionally mount a path to store compose files
+      # - /path/to/compose:/host/compose
 
 volumes:
   mongo-data:
   mongo-config:
+  ssl-certs:
   repos:
   stacks:
 

compose/postgres.compose.yaml

@@ -1,6 +1,6 @@
-#############################
-# KOMODO COMPOSE - POSTGRES #
-#############################
+##################################
+# 🦎 KOMODO COMPOSE - POSTGRES 🦎 #
+##################################
 
 ## This compose file will deploy:
 ##   1. Postgres + FerretDB Mongo adapter
@@ -12,17 +12,17 @@ services:
     image: postgres
     restart: unless-stopped
     logging:
-      driver: local
+      driver: ${COMPOSE_LOGGING_DRIVER:-local}
     networks:
-      - database
-    ports:
-      - 5432:5432
+      - default
+    # ports:
+    #   - 5432:5432
     volumes:
       - pg-data:/var/lib/postgresql/data
     environment:
       - POSTGRES_USER=${DB_USERNAME}
       - POSTGRES_PASSWORD=${DB_PASSWORD}
-      - POSTGRES_DB=komodo
+      - POSTGRES_DB=${KOMODO_DATABASE_DB_NAME:-komodo}
 
   ferretdb:
     image: ghcr.io/ferretdb/ferretdb
@@ -30,84 +30,70 @@ services:
     depends_on:
       - postgres
     logging:
-      driver: local
+      driver: ${COMPOSE_LOGGING_DRIVER:-local}
     networks:
       - default
-      - database
-    ports:
-      - 27017:27017
+    # ports:
+    #   - 27017:27017
     environment:
-      - FERRETDB_POSTGRESQL_URL=postgres://postgres:5432/komodo
+      - FERRETDB_POSTGRESQL_URL=postgres://postgres:5432/${KOMODO_DATABASE_DB_NAME:-komodo}
   
   core:
-    image: ghcr.io/mbecker20/komodo:latest
-    # image: ghcr.io/mbecker20/komodo:latest-aarch64 ## Use for arm support
+    image: ghcr.io/mbecker20/komodo:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
     restart: unless-stopped
     depends_on:
       - ferretdb
     logging:
-      driver: local
+      driver: ${COMPOSE_LOGGING_DRIVER:-local}
     networks:
       - default
     ports:
       - 9120:9120
-    # volumes: # Optionally mount a custom core.config.toml
-    #   - /path/to/core.config.toml:/config/config.toml
-    # extra_hosts: # allows for systemd Periphery connection at "http://host.docker.internal:8120"
+    env_file: ./compose.env
+    environment:
+      KOMODO_DATABASE_URI: mongodb://${DB_USERNAME}:${DB_PASSWORD}@ferretdb:27017/${KOMODO_DATABASE_DB_NAME:-komodo}?authMechanism=PLAIN
+      # KOMODO_DATABASE_URI_FILE: 
+    ## allows for systemd Periphery connection at 
+    ## "http://host.docker.internal:8120"
+    # extra_hosts:
     #   - host.docker.internal:host-gateway
-    environment: # https://github.com/mbecker20/komodo/blob/main/config/core.config.toml
-      KOMODO_HOST: ${KOMODO_HOST}
-      KOMODO_TITLE: ${KOMODO_TITLE}
-      KOMODO_ENSURE_SERVER: http://periphery:8120
-      ## Mongo
-      KOMODO_MONGO_URI: mongodb://${DB_USERNAME}:${DB_PASSWORD}@ferretdb:27017/komodo?authMechanism=PLAIN
-      ## Secrets
-      KOMODO_PASSKEY: ${KOMODO_PASSKEY}
-      KOMODO_WEBHOOK_SECRET: ${KOMODO_WEBHOOK_SECRET}
-      KOMODO_JWT_SECRET: ${KOMODO_JWT_SECRET}
-      ## Auth
-      KOMODO_LOCAL_AUTH: ${KOMODO_LOCAL_AUTH}
-      KOMODO_DISABLE_USER_REGISTRATION: ${KOMODO_DISABLE_USER_REGISTRATION}
-      ## Github Oauth
-      KOMODO_GITHUB_OAUTH_ENABLED: ${KOMODO_GITHUB_OAUTH_ENABLED}
-      KOMODO_GITHUB_OAUTH_ID: ${KOMODO_GITHUB_OAUTH_ID}
-      KOMODO_GITHUB_OAUTH_SECRET: ${KOMODO_GITHUB_OAUTH_SECRET}
-      ## Google Oauth
-      KOMODO_GOOGLE_OAUTH_ENABLED: ${KOMODO_GOOGLE_OAUTH_ENABLED}
-      KOMODO_GOOGLE_OAUTH_ID: ${KOMODO_GOOGLE_OAUTH_ID}
-      KOMODO_GOOGLE_OAUTH_SECRET: ${KOMODO_GOOGLE_OAUTH_SECRET}
-      ## Aws
-      KOMODO_AWS_ACCESS_KEY_ID: ${KOMODO_AWS_ACCESS_KEY_ID}
-      KOMODO_AWS_SECRET_ACCESS_KEY: ${KOMODO_AWS_SECRET_ACCESS_KEY}
-      ## Hetzner
-      KOMODO_HETZNER_TOKEN: ${KOMODO_HETZNER_TOKEN}
+    ## Optionally mount a custom core.config.toml
+    # volumes:
+    #   - /path/to/core.config.toml:/config/config.toml
 
   ## Deploy Periphery container using this block,
-  ## or deploy the Periphery binary with systemd using https://github.com/mbecker20/komodo/tree/main/scripts
+  ## or deploy the Periphery binary with systemd using 
+  ## https://github.com/mbecker20/komodo/tree/main/scripts
   periphery:
-    image: ghcr.io/mbecker20/periphery:latest
-    # image: ghcr.io/mbecker20/periphery:latest-aarch64 # Use for arm support
+    image: ghcr.io/mbecker20/periphery:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
+    restart: unless-stopped
     logging:
-      driver: local
+      driver: ${COMPOSE_LOGGING_DRIVER:-local}
     networks:
       - default
+    env_file: ./compose.env
     volumes:
+      ## Mount external docker socket
       - /var/run/docker.sock:/var/run/docker.sock
-      - repos:/etc/komodo/repos # manage repos in a docker volume, or change it to an accessible host directory.
-      - stacks:/etc/komodo/stacks # manage stack files in a docker volume, or change it to an accessible host directory.
-    environment:
-      # If the disk size is overreporting, can use one of these to 
-      # whitelist / blacklist the disks to filter them, whichever is easier.
-      # Accepts comma separated list of paths.
-      # Usually whitelisting just /etc/hostname gives correct size.
-      PERIPHERY_INCLUDE_DISK_MOUNTS: /etc/hostname
-      # PERIPHERY_EXCLUDE_DISK_MOUNTS: /snap,/etc/repos
+      ## Allow Periphery to see processes outside of container
+      - /proc:/proc
+      ## use self signed certs in docker volume, 
+      ## or mount your own signed certs.
+      - ssl-certs:/etc/komodo/ssl
+      ## manage repos in a docker volume, 
+      ## or change it to an accessible host directory.
+      - repos:/etc/komodo/repos
+      ## manage stack files in a docker volume, 
+      ## or change it to an accessible host directory.
+      - stacks:/etc/komodo/stacks
+      ## Optionally mount a path to store compose files
+      # - /path/to/compose:/host/compose
 
 volumes:
   pg-data:
+  ssl-certs:
   repos:
   stacks:
 
 networks:
-  default: {}
-  database: {}
+  default: {}

compose/sqlite.compose.yaml

@@ -1,6 +1,6 @@
-###########################
-# KOMODO COMPOSE - SQLITE #
-###########################
+################################
+# 🦎 KOMODO COMPOSE - SQLITE 🦎 #
+################################
 
 ## This compose file will deploy:
 ##   1. Sqlite + FerretDB Mongo adapter
@@ -12,10 +12,10 @@ services:
     image: ghcr.io/ferretdb/ferretdb
     restart: unless-stopped
     logging:
-      driver: local
+      driver: ${COMPOSE_LOGGING_DRIVER:-local}
     networks:
       - default
-    # ports: # Port closed due to lack of auth.
+    # ports:
     #   - 27017:27017
     volumes:
       - sqlite-data:/state
@@ -23,71 +23,58 @@ services:
       - FERRETDB_HANDLER=sqlite
   
   core:
-    image: ghcr.io/mbecker20/komodo:latest
-    # image: ghcr.io/mbecker20/komodo:latest-aarch64 ## Use for arm support
+    image: ghcr.io/mbecker20/komodo:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
     restart: unless-stopped
     depends_on:
       - ferretdb
     logging:
-      driver: local
+      driver: ${COMPOSE_LOGGING_DRIVER:-local}
     networks:
       - default
     ports:
       - 9120:9120
-    # volumes: # Optionally mount a custom core.config.toml
-    #   - /path/to/core.config.toml:/config/config.toml
-    # extra_hosts: # allows for systemd Periphery connection at "http://host.docker.internal:8120"
+    env_file: ./compose.env
+    environment:
+      KOMODO_DATABASE_ADDRESS: ferretdb
+    ## allows for systemd Periphery connection at 
+    ## "http://host.docker.internal:8120"
+    # extra_hosts:
     #   - host.docker.internal:host-gateway
-    environment: # https://github.com/mbecker20/komodo/blob/main/config/core.config.toml
-      KOMODO_HOST: ${KOMODO_HOST}
-      KOMODO_TITLE: ${KOMODO_TITLE}
-      KOMODO_ENSURE_SERVER: http://periphery:8120
-      ## Mongo
-      KOMODO_MONGO_ADDRESS: ferretdb:27017
-      ## Secrets
-      KOMODO_PASSKEY: ${KOMODO_PASSKEY}
-      KOMODO_WEBHOOK_SECRET: ${KOMODO_WEBHOOK_SECRET}
-      KOMODO_JWT_SECRET: ${KOMODO_JWT_SECRET}
-      ## Auth
-      KOMODO_LOCAL_AUTH: ${KOMODO_LOCAL_AUTH}
-      KOMODO_DISABLE_USER_REGISTRATION: ${KOMODO_DISABLE_USER_REGISTRATION}
-      ## Github Oauth
-      KOMODO_GITHUB_OAUTH_ENABLED: ${KOMODO_GITHUB_OAUTH_ENABLED}
-      KOMODO_GITHUB_OAUTH_ID: ${KOMODO_GITHUB_OAUTH_ID}
-      KOMODO_GITHUB_OAUTH_SECRET: ${KOMODO_GITHUB_OAUTH_SECRET}
-      ## Google Oauth
-      KOMODO_GOOGLE_OAUTH_ENABLED: ${KOMODO_GOOGLE_OAUTH_ENABLED}
-      KOMODO_GOOGLE_OAUTH_ID: ${KOMODO_GOOGLE_OAUTH_ID}
-      KOMODO_GOOGLE_OAUTH_SECRET: ${KOMODO_GOOGLE_OAUTH_SECRET}
-      ## Aws
-      KOMODO_AWS_ACCESS_KEY_ID: ${KOMODO_AWS_ACCESS_KEY_ID}
-      KOMODO_AWS_SECRET_ACCESS_KEY: ${KOMODO_AWS_SECRET_ACCESS_KEY}
-      ## Hetzner
-      KOMODO_HETZNER_TOKEN: ${KOMODO_HETZNER_TOKEN}
+    ## Optionally mount a custom core.config.toml
+    # volumes:
+    #   - /path/to/core.config.toml:/config/config.toml
 
   ## Deploy Periphery container using this block,
-  ## or deploy the Periphery binary with systemd using https://github.com/mbecker20/komodo/tree/main/scripts
+  ## or deploy the Periphery binary with systemd using 
+  ## https://github.com/mbecker20/komodo/tree/main/scripts
   periphery:
-    image: ghcr.io/mbecker20/periphery:latest
-    # image: ghcr.io/mbecker20/periphery:latest-aarch64 # Use for arm support
+    image: ghcr.io/mbecker20/periphery:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
+    restart: unless-stopped
     logging:
-      driver: local
+      driver: ${COMPOSE_LOGGING_DRIVER:-local}
     networks:
       - default
+    env_file: ./compose.env
     volumes:
+      ## Mount external docker socket
       - /var/run/docker.sock:/var/run/docker.sock
-      - repos:/etc/komodo/repos # manage repos in a docker volume, or change it to an accessible host directory.
-      - stacks:/etc/komodo/stacks # manage stack files in a docker volume, or change it to an accessible host directory.
-    environment:
-      # If the disk size is overreporting, can use one of these to 
-      # whitelist / blacklist the disks to filter them, whichever is easier.
-      # Accepts comma separated list of paths.
-      # Usually whitelisting just /etc/hostname gives correct size.
-      PERIPHERY_INCLUDE_DISK_MOUNTS: /etc/hostname
-      # PERIPHERY_EXCLUDE_DISK_MOUNTS: /snap,/etc/repos
+      ## Allow Periphery to see processes outside of container
+      - /proc:/proc
+      ## use self signed certs in docker volume, 
+      ## or mount your own signed certs.
+      - ssl-certs:/etc/komodo/ssl
+      ## manage repos in a docker volume, 
+      ## or change it to an accessible host directory.
+      - repos:/etc/komodo/repos
+      ## manage stack files in a docker volume, 
+      ## or change it to an accessible host directory.
+      - stacks:/etc/komodo/stacks
+      ## Optionally mount a path to store compose files
+      # - /path/to/compose:/host/compose
 
 volumes:
   sqlite-data:
+  ssl-certs:
   repos:
   stacks: